Ready to take your JavaScript development to the next level? Meet npm Enterprise - the ultimate in enterprise JavaScript. Learn more »


2.0.0 • Public • Published


Node.js library to bypass cloudflare's anti-ddos page.

If the page you want to access is protected by CloudFlare, it will return special page, which expects client to support Javascript to solve challenge.

This small library encapsulates logic which extracts challenge, solves it, submits and returns the request page body.

You can use request-cloudflare even if you are not sure if CloudFlare protection is turned on.

In general, CloudFlare has 4 types of common anti-bot pages:

  • Simple html+javascript page with challenge
  • Page which redirects to original site
  • Page with recaptcha
  • Page with error ( your ip was banned, etc)

Unfortunatelly there is no solution, if website is protected by captcha.

If you notice that for some reason request-cloudflare stopped to work, do not hesitate and get in touch with me ( by creating an issue here, for example), so i can update it.


npm install request-cloudflare


var requestCloudflare = require('request-cloudflare');
//API Promises
// API Callback
requestCloudflare.get('', function(error, response, body) {
  if (error) {
    console.log('Error occurred');
  } else {
    console.log(body, response);

or for POST action:'', {field1: 'value', field2: 2}, function(error, response, body) {

A generic request can be made with requestCloudflare.request(options, callback). The options object should follow request's options. Not everything is supported however, for example http methods other than GET and POST. If you wanted to request an image in binary data you could use the encoding option:

    method: 'GET',
    encoding: null, //=>utf8
    challengesToSolve: 3, // optional, if CF returns challenge after challenge, how many to solve before failing
    followAllRedirects: true, // mandatory for successful challenge solution
  }, function(err, response, body) {
    //body is now a buffer object instead of a string

Error object

Error object has following structure:

var error = {errorType: 0, error:...};

Where errorType can be following:

  • 0 if request to page failed due to some native reason as bad url, http connection or so. error in this case will be error event
  • 1 cloudflare returned captcha. Nothing to do here. Bad luck
  • 2 cloudflare returned page with some inner error. error will be Number within this range 1012, 1011, 1002, 1000, 1004, 1010, 1006, 1007, 1008. See more here
  • 3 this error is returned when library failed to parse and solve js challenge. error will be String with some details. ⚠️ ⚠️ Most likely it means that cloudflare have changed their js challenge.
  • 4 CF went into a loop and started to return challenge after challenge. If number of solved challenges is greater than 3 and another challenge is returned, throw an error

Running tests

Unknown error? Library stopped working?

Let me know, by opening issue in this repo and i will update library asap. Please, provide url and body of page where request-cloudflare failed.

request-cloudflare uses Request to perform requests.


Current cloudflare implementation requires browser to respect the timeout of 5 seconds and request-cloudflare mimics this behaviour. So everytime you call requestCloudflare.get you should expect it to return result after 5+ seconds.


  • Check for recaptcha
  • Support cookies, so challenge can be solved once per session
  • Support page with simple redirects
  • Add proper testing
  • Remove manual 302 processing, replace with followAllRedirects param
  • Parse out the timeout from chalenge page
  • Reoder the arguments in get/post/request methods and allow custom options to be passed in
  • Expose solve methods to use them independently
  • Support recaptcha solving
  • Promisification

Kudos to contributors



npm i request-cloudflare

Downloadsweekly downloads









last publish


  • avatar
Report a vulnerability